Kaspersky researcher Costin Raiu said his company came across computers compromised by the StarCruft cyber-espionage group in two different campaigns, one they named Operation Daybreak and one Operation Erebus.

StarCruft hackers used the Flash Zero Day to trigger a memory corruption bug in Flash Player, which allowed them to execute code on the victim’s machine and take over the device.

Besides the Zero Day (CVE-2016-4171), the group also employed other Flash exploits such as CVE-2016-4117 and CVE-2016-0147, the latter of which was a Zero Day the company patched in April.

The recent Flash Player Zero Day works on all versions of Flash, but Raiu said Microsoft EMET, if installed, would be able to block exploitation.

Adobe also fixed other issues in Flash, such as two type confusion vulnerabilities, six use-after-free issues, three heap buffer overflow problems, one directory search path bug, and 22 memory corruption issues. All led to remote code execution and allowed attackers to run code on targeted machines.

Updates for Flash running on Windows, Mac, and Linux released and are available for download. The latest Adobe Flash Player version numbers are 22.0.0.192 for Windows and Mac, and 11.2.202.626 for Linux.